I'm allowing authenticated users to upload image files with my PHP application. Assuming I've built in the necessary security to make sure the file itself is valid, is there a possibility of the HTTP-transmitted file being intercepted in some way? If so, how can I protect the transmission of the file? Would HTTPS be the way to go?

Also, the web server the application resides on can only be accessed by authenticated users. Does this mean that the HTTP stream of data is also protected? It would seem to me that it is.

+2  A: 

If you use HTTPS, the whole communication after establishing the connection will be transferred encrypted over SSL. Thus the file uploads will be sent encrypted too.

Gumbo
+1  A: 

If there is a man in the middle, he can sniff the contents of the transmitted file. You must use a secure connection in order to prevent this. So HTTPS would be the answer.

Maciej Łebkowski
HTTPS is not immune to MITM attacks.
Roger
+1  A: 

Yes, use HTTPS if you want to ensure that the data cannot be intercepted.

rikh
A: 

Also, check if the uploaded file really is an image and not a script.

Schnalle
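
The two measures recommended in the answers above (accept the upload only over HTTPS, and check that the file really is an image), sketched as one PHP upload handler. This is an added example, not code from the original thread; the form field name `image`, the size limit and the storage directory are assumptions.

```php
<?php
// Added example. Assumed names: form field "image", directory $uploadDir.
$uploadDir = '/var/www/uploads';   // assumed to lie outside the document root
$maxBytes  = 2 * 1024 * 1024;      // assumed size limit
$allowed   = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

function fail(int $status, string $message): void
{
    http_response_code($status);
    exit($message);
}

// 1. Transport: refuse the upload unless the request arrived over TLS.
//    Assumes PHP's web server terminates TLS itself. Behind a TLS-terminating
//    proxy $_SERVER['HTTPS'] is not set, and the proxy must enforce this.
if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === 'off') {
    fail(403, 'Uploads are only accepted over HTTPS.');
}
// Ask the browser to keep using HTTPS for this host on later requests.
header('Strict-Transport-Security: max-age=31536000');

// 2. Upload sanity: one file, no upload error, really an HTTP upload, size cap.
$file = $_FILES['image'] ?? null;
if (!is_array($file) || is_array($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
    fail(400, 'Upload failed.');
}
if (!is_uploaded_file($file['tmp_name']) || $file['size'] > $maxBytes) {
    fail(400, 'Upload rejected.');
}

// 3. Content: derive the type from the file's bytes, never from the
//    client-supplied name or Content-Type, and require a parsable image.
$mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
$ext  = is_string($mime) ? ($allowed[$mime] ?? null) : null;
if ($ext === null || getimagesize($file['tmp_name']) === false) {
    fail(415, 'Not an accepted image type.');
}

// 4. Storage: server-chosen random name and extension, so a name such as
//    "shell.php" supplied by the client never reaches the file system.
$target = $uploadDir . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
if (!move_uploaded_file($file['tmp_name'], $target)) {
    fail(500, 'Could not store the file.');
}
echo 'Stored as ' . basename($target);
```

Authentication on the web server controls who may send requests; only the HTTPS check in step 1 addresses interception of the data in transit.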